3com MSR 20-20 참조 매뉴얼
2148
C
HAPTER
140: IPS
EC
C
ONFIGURATION
C
OMMANDS
■
SA parameters of IKE negotiated IPSec policies are subject to IKE, which is also
responsible for establishing SAs.
responsible for establishing SAs.
■
When configuring an IPSec policy, you need to set the parameters of both the
inbound and outbound SAs.
inbound and outbound SAs.
■
The SPI for the inbound SA at the local end must be the same as that for the
outbound SA at the remote end, and the SPI for the outbound SA at the local
end must be the same as that for the inbound SA at the remote end.
outbound SA at the remote end, and the SPI for the outbound SA at the local
end must be the same as that for the inbound SA at the remote end.
Related command:
Example
# Configure the SPI of the inbound SA to 10,000 and that of the outbound SA to
20,000.
20,000.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] sa spi inbound ah 10000
[Sysname-ipsec-policy-manual-policy1-100] sa spi outbound ah 20000
sa string-key
Syntax
sa string-key { inbound | outbound } { ah | esp } string-key
undo sa string-key { inbound | outbound } { ah | esp }
View
IPSec policy view
Parameter
inbound: Specifies the inbound SA through which. IPSec processes the received
packets.
packets.
outbound: Specifies the outbound SA through which IPSec processes the packets
to be sent.
to be sent.
ah: Uses AH.
esp: Uses ESP.
string-key: Key string for the SA, consisting of 1 to 255 characters. For different
algorithms, you can input strings at any length in the specified range. Using this
key string, the system automatically generates keys meeting the algorithm
requirements. When the protocol is ESP, the system generates the keys for the
authentication algorithm and encryption algorithm respectively.
algorithms, you can input strings at any length in the specified range. Using this
key string, the system automatically generates keys meeting the algorithm
requirements. When the protocol is ESP, the system generates the keys for the
authentication algorithm and encryption algorithm respectively.
Description
Use the sa string-key command to set an authentication key for an SA.
Use the undo sa string-key command to remove the configuration.
Note that:
■
This command applies to only manual IPSec policies.